'Fraud Insurance' Popup Serves Up Fraud

Below:

Next story in Security

Clever online crooks are hiding dangerous money-stealing malware
in a popup that promises to protect you from — you guessed it —
money-stealing malware.

With the
notorious Tatanga Trojan at their disposal, fraudsters
are forcing rigged Web pages to present a message purporting to
be "free insurance" against online fraud. Discovered last year,
Tatanga thrives by injecting code into the user's Web browser,
which enables the criminals in control of it to hijack the user's
online banking sessions.

Believing they're protecting themselves from a multitude of
financial threats, the victims who purchase this phony coverage
are prompted to authorize a bank transaction to activate the
insurance plan, and then told to enter a one-time text message
password sent to their cellphone.

Entering that password, however, sets the scam in motion, and
enables the money mules to transfer funds from the victims'
accounts to their own.

As with most bank-account-siphoning Trojans, "the ability of
Tatanga and the other cybercrime platforms to commit online fraud
is limited only by the imagination of criminals," Ayelet Heyman
from the
security firm Trusteer wrote.

In the incident the Trusteer researchers found, the crooks set up
the scam to drain the victim's entire bank account if the balance
is between 1,000 and 5,000 EUR (about $1,300 to $6,500).

Make sure you run
strong anti-virus software on your computer to protect
yourself from Tatanga and other banking Trojans, and never enter
your personal or financial information on a site that appears
suspicious, or is not encrypted.